Re: [Freeipa-users] ipa-trust and SRV records
On Wed, 27 Jan 2016, Simpson Lachlan wrote:
> At the end of the installation of the ipa-adtrust-install, there is a message along the lines of:
>
> Add the following service records to your DNS server for DNS zone unix.co.org.au:
> _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs
> _ldap._tcp.dc._msdcs
> _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs
> _kerberos._tcp.dc._msdcs
> _kerberos._udp.Default-First-Site-Name._sites.dc._msdcs
> _kerberos._udp.dc._msdcs
>
> Which has, I think, been the cause of all of my grief.
>
> Do these SRV records in AD represent the minimum DNS set up required in Active Directory (my setup is a one way trust from FreeIPA to an AD over which I have no control, and all DNS is passed up to AD)?

These records are required to exist in the DNS zone of IPA.

> These records are required so that the FreeIPA server can find the AD servers?

These records are required so that AD DCs know where to find IPA domain controllers.

> Also, is it fair to infer that Default-First-Site-Name is in our case co.org.au?

No, this is a literal string, it has to be this way.

--
/ Alexander Bokovoy

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
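
One way to confirm that the six records from the ipa-adtrust-install message resolve in the IPA zone, with Default-First-Site-Name kept literal. This is an added example, not part of the original thread or of FreeIPA; the function names and the SRV_LOOKUP hook are assumptions made here, and `dig` is assumed to be installed.

```shell
#!/usr/bin/env bash
# Added example (not FreeIPA code). Usage: missing_srv_records unix.co.org.au

# Owner names exactly as listed in the ipa-adtrust-install message,
# relative to the IPA zone. "Default-First-Site-Name" is not substituted.
SRV_LABELS='_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs
_ldap._tcp.dc._msdcs
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs
_kerberos._tcp.dc._msdcs
_kerberos._udp.Default-First-Site-Name._sites.dc._msdcs
_kerberos._udp.dc._msdcs'

# Print the fully qualified SRV names for an IPA zone, one per line.
expected_srv_names() {
    local zone="${1%.}"    # tolerate a trailing dot on the zone name
    local label
    while IFS= read -r label; do
        printf '%s.%s.\n' "$label" "$zone"
    done <<EOF
$SRV_LABELS
EOF
}

# Default lookup through dig; lines starting with ';' are resolver
# diagnostics (timeouts and the like), not answers, so they are dropped.
dig_srv() { dig +short SRV "$1" | grep -v '^;'; }

# Hypothetical hook: set SRV_LOOKUP to another function to query a
# specific server or to run offline against canned data.
SRV_LOOKUP="${SRV_LOOKUP:-dig_srv}"

# Print every expected name that has no SRV answer; return 1 if any is missing.
missing_srv_records() {
    local name rc=0
    while IFS= read -r name; do
        if [ -z "$("$SRV_LOOKUP" "$name" 2>/dev/null </dev/null)" ]; then
            printf '%s\n' "$name"
            rc=1
        fi
    done <<EOF
$(expected_srv_names "$1")
EOF
    return $rc
}
```

Run it against the resolver the AD domain controllers use, since per the reply above they are the ones that need to find the IPA domain controllers through these names.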
[Freeipa-users] ipa-trust and SRV records
At the end of the installation of the ipa-adtrust-install, there is a message along the lines of:

Add the following service records to your DNS server for DNS zone unix.co.org.au:
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs
_ldap._tcp.dc._msdcs
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs
_kerberos._tcp.dc._msdcs
_kerberos._udp.Default-First-Site-Name._sites.dc._msdcs
_kerberos._udp.dc._msdcs

Which has, I think, been the cause of all of my grief.

Do these SRV records in AD represent the minimum DNS set up required in Active Directory (my setup is a one way trust from FreeIPA to an AD over which I have no control, and all DNS is passed up to AD)?

These records are required so that the FreeIPA server can find the AD servers?

Also, is it fair to infer that Default-First-Site-Name is in our case co.org.au?

Cheers
L.